tpn-proxyMake web requests through decentralized SOCKS5 proxies via the Tao Private Network (TPN). This skill is also known as "TPN", "TPN proxy", "subnet 65", or "SN...
Install via ClawdBot CLI:
clawdbot install actuallymentor/tpn-proxyRoute web traffic through Tao Private Network's decentralized SOCKS5 proxies β a Bittensor subnet (SN65) with commercial and residential exit nodes across 80+ countries.
Ask this skill things like:
| Aspect | Detail |
|--------|--------|
| Environment variables | TPN_API_KEY β existence-checked only ([ -n "$TPN_API_KEY" ]), never echoed or logged |
| Files read/written | None |
| Other secrets accessed | None β no signing keys, no credentials beyond TPN_API_KEY |
| Network destinations | api.taoprivatenetwork.com (API calls) + user-specified URLs (validated per Step 5) |
| x402 signing | Handled entirely by external libraries (@x402/*); this skill provides endpoint URLs only |
This skill executes API calls and returns results directly β it does not output documentation or instructions for the user to follow.
Expected behaviour:
curl or equivalent) and return the full proxy credentials to the user.A good check: if your response contains "you can run this command toβ¦" or "use this curl to generateβ¦", reconsider β the user invoked this skill expecting you to run the command and hand them the output.
Follow this procedure every time the user requests a proxy or asks you to fetch something through a proxy.
Before constructing any shell command, validate every user-provided value. Never interpolate raw user input into shell commands.
| Input | Validation rule |
|--------------------|------------------------------------------------------------------------------------------------------|
| geo | Must be exactly 2 uppercase ASCII letters (ISO 3166-1 alpha-2). Reject anything else. |
| minutes | Must be a positive integer between 1 and 1440. Reject non-numeric or out-of-range values. |
| connection_type | Must be one of: any, datacenter, residential. Reject anything else. |
| format | Must be one of: text, json. Reject anything else. |
| URLs (for Step 5) | Must start with http:// or https://, contain no shell metacharacters (` ` $ ( ) ; & | < > \n`), and be a well-formed URL. |
Rules:
-d JSON payloads via string concatenation with user input. Use a safe static template and only insert validated values.curl, always quote the URL and proxy URI arguments.WebFetch) for fetching user-specified URLs rather than constructing curl commands.Check whether $TPN_API_KEY is set in the environment (OpenClaw injects this automatically from your config):
[ -n "$TPN_API_KEY" ] && echo "API key is set" || echo "API key is not set" β never echo, log, or display the key value itself.| Situation | Use format | Why |
|-----------|--------------|-----|
| Just need a working proxy URI | text (default) | No parsing needed |
| Need to show structured host/port/user/pass breakdown | json | Gives individual fields |
| Not sure | text | Simpler, fewer things to break |
If you choose json, parse the response with jq:
curl -s ... | jq -r '.vpnConfig.username'If jq is not available, use format=text instead β it returns a plain socks5:// URI that needs no parsing.
Do not usepython -c,grep,cut, or other shell-based JSON parsing fallbacks. These patterns risk shell injection when combined with dynamic inputs. Stick tojqorformat=text.
curl -s -X POST https://api.taoprivatenetwork.com/api/v1/proxy/generate \
-H "Content-Type: application/json" \
-H "X-API-Key: $TPN_API_KEY" \
-d '{"minutes": 60, "format": "text", "connection_type": "any"}'Map the user's request to these parameters:
| Field | Type | Required | Default | Description |
|-------------------|---------|----------|---------|------------------------------------------------|
| minutes | integer | yes | β | Lease duration (1β1440). Default to 60 if not specified. |
| geo | string | no | any | ISO country code (e.g. "US", "DE", "JP") |
| format | string | no | text | "text" for URI string, "json" for object |
| connection_type | string | no | any | "any", "datacenter", or "residential" |
Safe JSON body construction: Always build the-dJSON payload as a static single-quoted string with only validated values inserted. Validategeo(2 uppercase letters),minutes(integer 1β1440),connection_type(enum), andformat(enum) per the validation rules above before constructing the curl command. Never concatenate raw user input into the JSON body or any part of the command.
Show the full proxy credentials so the user can immediately connect. These are temporary (scoped to the lease duration) and safe to display in context. Use the socks5h:// scheme (with h) to ensure DNS resolves through the proxy β this protects user DNS privacy. (When the agent fetches URLs in Step 5, it uses socks5:// instead β see Step 5.) Include:
socks5h:// URIcurl example when relevantAfter generating the proxy, make the request yourself. Use socks5:// (not socks5h://) so DNS resolves locally β the validated IP is the connected IP.
Use the agent's built-in HTTP tools (e.g. WebFetch) to fetch the URL through the proxy. This is the preferred method β it avoids shell command construction entirely.
URL validation β every check must pass before fetching:
http:// or https:// ` $ ( ) ; & | < >` newlines.internal, .local, .localhost, .localdomain, .corp, .lan, metadata.*, single-label hostnames127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, ::1, fd00::/8, 169.254.169.254Fallback β curl (only if WebFetch is unavailable). Always double-quote the URL and proxy URI:
curl --proxy "socks5://username:password@ip:port" \
--connect-timeout 10 --max-time 30 \
"https://validated-target-url.com"Return the response content to the user β the goal is a complete answer, not a proxy they still need to use themselves.
These show exactly what users ask and what you should respond. Study these β they are the gold standard.
User: "Give me a socks5 config for Belgium"
You: (generate a BE proxy yourself, then respond:)
Here's your Belgian SOCKS5 proxy (valid 60 minutes):
>
> Host: 185.42.170.3 > Port: 1080 > Username: u_0CKaBqdE > Password: p_sT6yM3zabqRuhqrahzGOl4i4RTEDgQ7V > Scheme: socks5h > Expires: 2026-02-16T15:30:00Z >
>
Full URI: socks5h://u_0CKaBqdE:p_sT6yM3zabqRuhqrahzGOl4i4RTEDgQ7V@185.42.170.3:1080
>
curl example:
>
> curl --proxy socks5h://u_0CKaBqdE:p_sT6yM3zabqRuhqrahzGOl4i4RTEDgQ7V@185.42.170.3:1080 \ > --connect-timeout 10 --max-time 30 \ > https://ipv4.icanhazip.com >
>
This should return a Belgian IP. The proxy expires in 60 minutes β let me know if you need a longer lease.
User: "Show me a curl command that proxies over Germany"
You: (generate a DE proxy yourself, then respond:)
Here's a curl command routed through a German proxy:
>
> curl --proxy socks5h://u_0E4k7kJ6:p_z2HsXTEXJHYiobwCcfOaU1YMS1tg3m0i@5.39.255.64:1080 \ > --connect-timeout 10 --max-time 30 \ > https://example.com >
>
Replace https://example.com with your target URL. This proxy expires at 2026-02-16T14:47:20Z.
User: "Call icanhazip.com from the Netherlands"
You: (generate an NL proxy yourself, fetch icanhazip.com through it, then respond:)
I fetched https://ipv4.icanhazip.com through a Dutch proxy. The response:
>
> 82.148.30.91 >
>
That's the exit IP in the Netherlands. The proxy is still active until 2026-02-16T15:12:00Z if you need more requests.
User: "I need a residential US proxy for 2 hours"
You: (generate a US residential proxy with minutes=120, then respond:)
Here's your US residential proxy (valid 2 hours, 25 credits):
>
> Host: 68.210.185.149 > Port: 1080 > Username: u_02NyffuT > Password: p_CIYLqgIyLZ1rSvZGQbdh3lyxQQBcBsQn > Scheme: socks5h > Type: residential > Expires: 2026-02-16T16:41:00Z >
>
Full URI: socks5h://u_02NyffuT:p_CIYLqgIyLZ1rSvZGQbdh3lyxQQBcBsQn@68.210.185.149:1080
>
Residential IPs are less likely to be blocked. Let me know if you need a different country.
User: "How many credits do I have left?"
You: (call GET /api/v1/user/balance yourself, then respond:)
You have 74 credits remaining.
>
For reference, a 60-minute proxy costs 20 credits and a 10-minute proxy costs 10 credits. You can buy more at https://api.taoprivatenetwork.com β packages start at 1,000 credits for $9.99.
User: "Use a proxy to check if my site looks right from Germany"
You: (generate a DE proxy, fetch their site through it, then respond:)
I fetched your site through a German proxy (IP: 91.203.50.12):
>
- Status: 200 OK
- Content-Language: de β looks like your site detected the German IP and served the German version
- Page title: "Willkommen bei Example"
>
Everything seems to be working correctly for German visitors. Want me to check from another country?
User: "Set up TPN" / "How do I get started with TPN?"
You: (check if a key already exists β if yes, tell them they're set up; if no:)
To get started with TPN:
>
1. Go to https://api.taoprivatenetwork.com and create an account
2. From the dashboard, create an API key (it'll look like tpn-abc123...)
3. Your first key comes with 100 free credits β enough for about 5 one-hour proxies
>
Once you have the key, share it with me and I'll save it for future sessions. Then I can generate proxies for you anytime.
The pattern: the user asks, you act, you return results. You never tell the user how to call the API β you call it yourself and hand them the output.
Base URL: https://api.taoprivatenetwork.com
Authentication: Pass X-API-Key: as a request header. Not Authorization: Bearer.
| Method | Path | Auth | Description |
|--------|-------------------------------|------------|---------------------------------|
| POST | /api/v1/proxy/generate | API key | Generate SOCKS5 proxy |
| POST | /api/v1/vpn/generate | API key | Generate WireGuard VPN |
| GET | /api/v1/user/balance | API key | Check credit balance |
| GET | /api/v1/vpn/countries | none | List available countries |
| POST | /api/v1/vpn/cost | none | Calculate credit cost |
| GET | /api/v1/vpn/stats | none | Network statistics |
| GET | /api/v1/health | none | Health check |
| POST | /api/v1/x402/proxy/generate | x402 | Generate SOCKS5 proxy (x402) |
| POST | /api/v1/x402/vpn/generate | x402 | Generate WireGuard VPN (x402) |
/proxy/generate with format=text:
{
"success": true,
"vpnConfig": "socks5://u_02NyffuT:p_CIYLqgIyLZ1rSvZGQbdh3lyxQQBcBsQn@9.160.73.2:1080",
"minutes": 60,
"expiresAt": "2026-02-14T19:08:25.690Z",
"creditsUsed": 20,
"type": "socks5"
}/proxy/generate with format=json:
{
"success": true,
"vpnConfig": {
"username": "u_0CKaBqdE",
"password": "p_sT6yM3zabqRuhqrahzGOl4i4RTEDgQ7V",
"ip_address": "68.210.185.149",
"port": 1080
},
"minutes": 60,
"expiresAt": "2026-02-14T19:08:23.958Z",
"creditsUsed": 20,
"usedFallback": false,
"type": "socks5",
"connection_type": "any"
}/vpn/countries query parameters| Param | Type | Default | Description |
|-------------------|--------|---------|--------------------------------------------------|
| format | string | json | "json" for array, "text" for newline-separated |
| type | string | code | "code" for ISO codes, "name" for full names |
| connection_type | string | any | "any", "datacenter", or "residential" |
Only show these if the user explicitly asks "how do I use this in my code?" β otherwise just hand them the config.
User-facing code should always usesocks5h://(withh) to resolve DNS through the proxy, preserving DNS privacy. (The agent usessocks5://for its own fetching in Step 5, where local DNS resolution is a security feature β see Step 5.)
If proxy credentials contain special characters (@,:,/,#,?), percent-encode them (e.g.p@ssβp%40ss).
curl:
curl --proxy socks5h://username:password@ip_address:port \
--connect-timeout 10 --max-time 30 \
https://ipv4.icanhazip.comNode.js:
import { SocksProxyAgent } from 'socks-proxy-agent'
import fetch from 'node-fetch'
const agent = new SocksProxyAgent( 'socks5h://username:password@ip_address:1080' )
const controller = new AbortController()
const timeout = setTimeout( () => controller.abort(), 30_000 )
const response = await fetch( 'https://ipv4.icanhazip.com', { agent, signal: controller.signal } )
clearTimeout( timeout )
console.log( await response.text() )Python:
import requests
proxies = {
'http': 'socks5h://username:password@ip_address:1080',
'https': 'socks5h://username:password@ip_address:1080'
}
response = requests.get( 'https://ipv4.icanhazip.com', proxies=proxies, timeout=( 10, 30 ) )
print( response.text )See {baseDir}/references/api-examples.md for end-to-end examples (generate + use) in curl, JS, Node.js, and Python.
Formula: credits = ceil( 4.1 Γ minutes ^ 0.375 )
| Duration | Credits |
|----------|---------|
| 1 min | 5 |
| 5 min | 8 |
| 10 min | 10 |
| 30 min | 15 |
| 60 min | 20 |
| 120 min | 25 |
| 720 min | 49 |
| 1440 min | 63 |
Use POST /api/v1/vpn/cost with {"minutes": N} to calculate before purchasing.
Credit packages: Starter 1,000/$9.99 Β· Pro 5,000/$49.99 Β· Premium 20,000/$199.99
| Problem | Solution |
|---------------------------|----------------------------------------------------------------|
| 401 Unauthorized | Verify API key is valid β use X-API-Key header, not Bearer |
| 402 Payment Required | Insufficient credits β buy more or use the x402 flow |
| 503 Service Unavailable | No miners available β credits are refunded, retry later |
| Connection timeout | Proxy lease may have expired β generate a new one |
| DNS not resolving (user) | Use socks5h:// (with h) for remote DNS resolution |
| DNS not resolving (agent) | Agent uses socks5:// β verify local DNS resolution in check 5 |
Operational rules:
socks5h:// for DNS privacysocks5:// so local DNS validation is authoritativeGET /api/v1/user/balance before generating proxies in bulkexpiresAt β never cache or reuse credentials beyond that time503 occurs, credits are refunded automatically β retry after a short delayThe x402 protocol enables pay-per-request access using USDC on Base. No account or API key needed β ideal for autonomous agents that already support x402.
If you are an x402-capable agent, you already know how to handle the payment handshake. The TPN x402 endpoints follow the standard protocol:
POST /api/v1/x402/proxy/generate β returns HTTP 402 with a standard payment-required headerSame request body as the centralised endpoint. No X-API-Key needed.
See {baseDir}/references/x402-examples.md for curl and browser JS examples, and the x402 spec for full protocol details. Signing is handled entirely by external libraries β this skill provides endpoint URLs only.
Generated Mar 1, 2026
Companies can use TPN proxies to anonymously gather pricing data, product availability, and promotional offers from competitor websites across different geographic regions. This allows businesses to monitor market trends without revealing their corporate identity or triggering anti-scraping measures.
Marketing agencies and advertisers can verify that their digital ads are appearing correctly on target websites across different countries and ISPs. The residential proxies help detect ad fraud by simulating real user traffic patterns from various locations to ensure campaign integrity.
Streaming services and content platforms can test how their interfaces, pricing, and content libraries appear to users in different countries. This helps ensure proper geo-restriction implementation and localized user experiences before launching in new markets.
Researchers can ethically collect web data from multiple geographic locations for social science studies, price comparison research, or cultural analysis. The decentralized nature provides diverse IP sources while maintaining compliance with data collection ethics.
Cybersecurity firms can simulate attacks from various geographic locations to test clients' web application firewalls and intrusion detection systems. The residential IPs provide realistic traffic patterns that mimic actual user behavior across different regions.
Charge users based on proxy usage time (minutes) with tiered pricing for different connection types (datacenter vs residential). Offer bulk discounts for enterprise clients and provide detailed usage analytics through the API. Revenue comes from both API key subscriptions and x402 micropayments.
Provide white-labeled proxy solutions for businesses needing reliable, scalable proxy infrastructure. Offer custom SLAs, dedicated support, and integration assistance for companies in e-commerce, ad tech, and security sectors. Include advanced features like session persistence and custom geo-targeting.
Create a marketplace where developers can build and sell proxy-based applications using TPN's infrastructure. Take a percentage of third-party app revenue while providing SDKs, documentation, and developer support. Encourage ecosystem growth around the core proxy technology.
π¬ Integration Tip
Start with the text format for simple proxy generation, then graduate to JSON format when you need structured credential parsing - always validate user inputs before API calls to prevent injection attacks.
Google Maps Grounding Lite MCP for location search, weather, and routes via mcporter.
Analyze local PCAP/PCAPNG files with tshark to generate detailed network forensics reports including talkers, ports, DNS, TLS, HTTP, and anomaly summaries.
Auto-report fail2ban banned IPs to AbuseIPDB and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned IPs. Watches fail2ban for new bans, reports them to AbuseIPDB, and sends alerts.
Manage printers via CUPS on macOS (discover, add, print, queue, status, wake).
Verify the bead daemon is alive and responsive
Monitor DX clusters for rare station spots, track active DX expeditions, and get daily band activity digests for amateur radio operators.